Oh, I guess that was Salvatore's comment. Anyway, caught up with Armando in IRC and it sounds like even if the attacker _does_ guess another tenant's resource UUID (which this bug doesn't enable or simplify in any way), there was still no clear indication that it would allow a data plane breach.
Given that I'm switching this to a regular bug now.
Oh, I guess that was Salvatore's comment. Anyway, caught up with Armando in IRC and it sounds like even if the attacker _does_ guess another tenant's resource UUID (which this bug doesn't enable or simplify in any way), there was still no clear indication that it would allow a data plane breach.
Given that I'm switching this to a regular bug now.